Insight26.11.2021

Windows Bulk Enrollment

What is Bulk Enrollment?

When enrolling and setting up a large number of Windows 10/11 devices, a manual enrollment process quickly creates a not inconsiderable amount of work. Windows Bulk Enrollment is an efficient way to set up a large number of Windows 10/11 devices without having to manually complete enrollment on the devices each time through the system settings.

What are the requirements for Bulk Enrollments?

Mass device registration is available from Windows 10/11 for the Professional, Enterprise and Education versions. The Windows Configuration Designer (WCD) tool is required, which can be downloaded from the Microsoft Store. Alternatively, the WCD tool can be downloaded via the Windows Assessment and Deployment Kit (ADK) and is then also available in other languages.

The WCD tool can be used to create provisioning packages, which are needed to run bulk registration. The file format of provisioning packages is a ppkg file. This is a container for a collection of configuration settings.

Since Bulk Enrollment is not done with an Azure AD account or autopilot, these are not needed. Enrollment is ultimately done using a carrier media, such as a USB drive or SD card, that has the generated provisioning package from the WCD tool stored in the root directory. The carrier medium is connected to the corresponding Windows 10/11 devices with which the bulk registration is to be performed.

What are the benefits of Bulk Enrollment via Windows provisioning packages?

The provisioning packages facilitate the configuration of end-user devices without having to create an image. This enables quick and efficient configuration of a device, and the desired settings for enrolling devices in Relution can be easily specified. Using this workflow, target devices can be configured and enrolled in Relution within minutes.

Do settings have to be made in Relution in advance?

For Bulk Enrollment of Windows 10/11 devices, a manual enrollment must be created in Relution.

Relution interface with settings for creating a manual enrollment for the mass registration of Windows 10/11 devices

The validity of this enrollment can be freely selected and should be extended into the future as required. It is important that the multiple enrollment is activated in this step in order to be able to use the generated enrollment for several devices.

Dialog window during the setup process with the option to skip the provisioning package import and complete the process by selecting "Finish"

The subsequently generated enrollment code is required in the further process when creating the provisioning package via the WCD tool.

Relution backend displaying the generated enrollment code, which is used in the next step to create the provisioning package in the WCD tool

How to create a provisioning package with Windows Configuration Designer?

The following steps are performed after downloading and installing the WCD tool to create a provisioning package:

In the home screen, select the "Use advanced deployment" tile.

Start view of the Windows Configuration Designer with the selected tile "Use Advanced Provisioning" for creating a provisioning package

Specify project name and click “Next“.

Input mask in Windows Configuration Designer for specifying a project name with the option to proceed by clicking "Next"

Select "All Windows Desktop Editions" and click "Next".

Selection menu in Windows Configuration Designer with various Windows editions, where "All Windows Desktop Editions" is selected and the option to click "Next" is available

Import a provisioning package (optional) skip and click "Finish".

Screenshot of the installation screen with the option to skip the import of a provisioning package and complete the process by selecting "Finish"

Expand "Runtime Settings" -> "Workplace" in the left navigation area and click "Registrations".
Enter and add the e-mail address of a user from the corresponding Relution organization who has Device Manager rights.

View in Relution under "Runtime Settings" -> "Workplace" with the option to add the email address of a user with Device Manager rights under "Registrations".

Expand "UPN" in the left navigation pane and enter the following information for the remaining settings:

AuthPolicy: “OnPremise” select
DiscoveryServiceFullUrl: Specifies the corresponding domain of the Relution Server used
EnrollmentServiceFullUrl: Optional
PolicyServiceFullUrl: Optional
Secret: Input of the enrollment code from Relution.

View in Windows Configuration Designer with an expanded navigation pane "UPN" and filled fields, including "AuthPolicy" set to "OnPremise" and "DiscoveryServiceFullUrl"

After entering all settings, click "File" -> "Save" in the main menu.
Then click "Export" -> "Provisioning packages" in the main menu.

Menu view in Windows Configuration Designer with the selected options "Export" and "Provisioning Package" for creating a provisioning package

In the subsequent dialog, specify the values for the package, select the location for the package output and click "Create" at the end.

Screenshot of the input mask for defining the name, version, and priority ("Rank") for the provisioning package during the Windows mass registration process

Option in Windows Configuration Designer with the prompt "Select Security details for the provisioning package," offering a selection between "Encrypt package" or "Sign package" and displaying "Selected certificate"

Note: The provisioning profile should be protected (encrypted and/or signed) to provide additional protection for e.g. schools in case a USB stick or SD card is lost. Encryption prevents a potential attacker from accessing the ppkg file.

Display of the selection dialog "Choose location for the provisioning package" with a local path during the Windows mass registration process

Screenshot displaying "Build the provisioning package" with a status bar at the bottom showing the progress of the Windows mass registration process

Finalization of the Windows mass registration with the "All done" message and the paths for "Output location" and "Project folder"

View of Windows Explorer with Relution as the Runtime Provisioning Tool in a local folder.

How to apply a provisioning package on a Windows 10/11 device?

Connect the corresponding Windows 10/11 device to the USB drive where the provisioning package is located.
Access "Work or School Account" in "Settings" and click "Add or Remove Provisioning Package".

Menu view on a Windows 10/11 device in "Settings" with the selected option "Work or School Account"

Screen view of a Windows 10/11 device in the settings with the "Work or School Account" option open and the "Add or Remove Provisioning Package" feature

Screen view on a Windows 10/11 device with the option "Select a package," displaying the deployment package "relution.ppkg" and the ability to add it via "Add"

Note: The provisioning package must be placed in the root directory of the USB stick or SD card. Otherwise, the ppkg file will not be found and will not be displayed here.

Click on the "Add a package" icon.

Windows interface with the option "Add package" to apply a provisioning package on a Windows 10/11 device

Note: If an error occurs during the installation of the provisioning package, this is indicated below the respective provisioning package and corresponding details can be viewed, e.g. if an incorrect or expired enrollment code was used by Relution.

Subsequently, all steps that need to be performed manually in case of a manual enrollment are performed automatically with the information from the provisioning package and no further details need to be entered. After successful enrollment, the device is connected to the Relution server, shows up in the inventory list of the corresponding Relution organization and can be managed there.

View in Relution showing the successful registration of a device, now displayed and manageable in the inventory list of the respective organization

How can I tell that the provisioning package has been applied to the Windows 10/11 device?

Under “Settings” -> “Access work or school account”, the registration with the Relution MDM server is listed.

Screenshot of Windows settings under "Manage Work or School Account" showing successful registration with the Relution MDM server

Latest Insights

Relution and Samsung Knox Native Solution
16.02.2026
Relution and Samsung Knox Native Solution
Relution Parent
13.02.2026
Relution Parent
Relution Files for iOS & Android Enterprise
17.12.2025
Relution Files for iOS & Android Enterprise
Apple makes device migration to Relution easier with iOS 26, iPadOS 26, macOS
29.08.2025
Apple makes device migration to Relution easier with iOS 26, iPadOS 26, macOS
MDM briefly explained
25.07.2025
MDM briefly explained
Geo-zones in MDM: maximum control over mobile devicesGeo-zones in MDM: maximum control over mobile devices
10.03.2025
Geo-zones in MDM: maximum control over mobile devicesGeo-zones in MDM: maximum control over mobile devices
Data protection compliance with Relution - now more than ever
28.02.2025
Data protection compliance with Relution - now more than ever
Relution Kiosk Mode: Safer and easier device management
03.02.2025
Relution Kiosk Mode: Safer and easier device management
Cybersecurity, data protection and innovative solutions with Relution
10.01.2025
Cybersecurity, data protection and innovative solutions with Relution
VPN explained simply: How a virtual private network (VPN) protects your data
16.12.2024
VPN explained simply: How a virtual private network (VPN) protects your data